
Security Awareness Training – It’s Worth It!

By: Darin Barton CISSP, CISA

We tend to expect a little too much from our employees when it comes to understanding the risks associated with their IT and online habits. We tell them, “DON’T click on this” and “DON’T go to that” without really informing them why this is necessary. Over time they get desensitized to IT security and just expect the IT department to make it all right. More often than not, there is an acute lack of understanding by employees of what their actions might do and how they can place an entire organization in jeopardy.

Without a doubt, users are the least secure aspect of an organization’s IT security strategy. While attempts can be made to secure the enterprise to the “nth” degree, a user can unwittingly circumvent that security by clicking on a destructive link or being tricked into sharing the wrong information.

There are many areas covered within a solid security awareness training program, but in my opinion, two stand out above the rest:

Targeted Attacks

Social Engineering

These two attack vectors are the most common and successful of all attacks because they often use the employee’s desire to trust and naivety against them. We all want to be nice and accommodating at work, and attackers have become highly skilled in using these human (I hate to say weaknesses) factors against us with a greater than 75% success rate.

While maintaining a tight perimeter security is very important, what you should be really concerned about is the attack email sent to the HR Manager regarding her University Alumni Dinner or the pretext phone call to the office administrator from “your new IT admin” requesting a password confirmation. Social Media has provided cyber criminals with a vast amount of personal information to select from when conducting targeted attacks, so reminding your staff that this could be used against them – and showing them real examples – is critical to their understanding of how to recognize a potential threat.

Don’t get me wrong, IT security always comes down to where the rubber meets the road. Regardless of how well trained your staff is, you must have the proper security countermeasures in place to secure the enterprise. However, training your staff in security awareness is designed to lower your overall risk by removing or greatly reducing their role as a potential threat vector.

The good news is that security awareness training does work if it is maintained, user-friendly and relevant to your staff. I recommend augmenting your training with awareness posters and daily reminders around the office workspace or prior to accessing the Internet.

Security Awareness Training has been proven to:

Reduce overall threats and risk to the enterprise

Increase an employee’s benefit to an organization

Encourage employee growth and self-esteem

Increase company and employee morale

Promote positive business and work ethics

Improve networking and the sharing of ideas

Provide a higher quality of education and learning

Darin Barton CISSP, CISA is a senior security professional in Toronto, Canada, with 20+ years of experience in cybersecurity and investigations, currently employed with Access 2 Networks Inc. (A2N).
